diff --git a/Earthfile b/Earthfile
index c9606ee..5da7d18 100644
--- a/Earthfile
+++ b/Earthfile
@@ -42,7 +42,7 @@ build:
 aiven-types:
 FROM +prepare
- RUN for type in redis; do \
+ RUN for type in redis opensearches; do \
 curl -sSL https://raw.githubusercontent.com/aiven/aiven-operator/main/config/crd/bases/aiven.io_${type}.yaml | kopium -Af - > aiven_${type}.rs; \
 done
 SAVE ARTIFACT aiven_*.rs AS LOCAL src/aiven_types/
diff --git a/src/aiven_types/aiven_opensearches.rs b/src/aiven_types/aiven_opensearches.rs
new file mode 100644
index 0000000..a9eca02
--- /dev/null
+++ b/src/aiven_types/aiven_opensearches.rs
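Review bot: The `curl` inside the `aiven-types` loop fetches each CRD from the moving `main` branch of aiven/aiven-operator with no pinned ref or integrity check, and adding `opensearches` to the loop extends that to a second schema whose output is saved into `src/aiven_types/`. Whatever upstream `main` holds at build time becomes the generated Rust types, so the build is not reproducible and an upstream change (or a tampered upstream) reaches the tree without review. Pin the URL to a release tag or commit, e.g. `.../aiven/aiven-operator/<PINNED_TAG_OR_SHA>/config/crd/bases/aiven.io_${type}.yaml` (placeholder; the page names no release), ideally through an `ARG` so the ref is bumped deliberately. `curl -sSL` also lacks `-f`, so an HTTP error body is piped into kopium and the pipeline's status comes from kopium alone; `curl -fsSL` together with `set -o pipefail`, if the RUN shell supports it, would make a failed download fail the build. The `aiven-types` target may continue past the last line of this hunk.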
@@ -0,0 +1,578 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium -Af - +// kopium version: 0.15.0 + +use kube::CustomResource; +use schemars::JsonSchema; +use serde::{Serialize, Deserialize}; +use std::collections::BTreeMap; + +/// OpenSearchSpec defines the desired state of OpenSearch +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, JsonSchema)] +#[kube(group = "aiven.io", version = "v1alpha1", kind = "OpenSearch", plural = "opensearches")] +#[kube(namespaced)] +#[kube(status = "OpenSearchStatus")] +pub struct OpenSearchSpec { + /// Authentication reference to Aiven token in a secret + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authSecretRef")] + pub auth_secret_ref: Option, + /// Cloud the service runs in. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cloudName")] + pub cloud_name: Option, + /// Information regarding secret creation. Exposed keys: `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD` + #[serde(default, skip_serializing_if = "Option::is_none", rename = "connInfoSecretTarget")] + pub conn_info_secret_target: Option, + /// The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub disk_space: Option, + /// Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "maintenanceWindowDow")] + pub maintenance_window_dow: Option, + /// Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "maintenanceWindowTime")] + pub maintenance_window_time: Option, + /// Subscription plan. + pub plan: String, + /// Target project. 
+ pub project: String, + /// ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically + #[serde(default, skip_serializing_if = "Option::is_none", rename = "projectVPCRef")] + pub project_vpc_ref: Option, + /// Identifier of the VPC the service should be in, if any. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "projectVpcId")] + pub project_vpc_id: Option, + /// Service integrations to specify when creating a service. Not applied after initial service creation + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceIntegrations")] + pub service_integrations: Option>, + /// Tags are key-value pairs that allow you to categorize services. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tags: Option>, + /// Prevent service from being deleted. It is recommended to have this enabled for all services. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationProtection")] + pub termination_protection: Option, + /// OpenSearch specific user configuration options + #[serde(default, skip_serializing_if = "Option::is_none", rename = "userConfig")] + pub user_config: Option, +} + +/// Authentication reference to Aiven token in a secret +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub struct OpenSearchAuthSecretRef { + pub key: String, + pub name: String, +} + +/// Information regarding secret creation. Exposed keys: `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD` +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub struct OpenSearchConnInfoSecretTarget { + /// Annotations added to the secret + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// Labels added to the secret + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, + /// Name of the secret resource to be created. 
By default, is equal to the resource name + pub name: String, + /// Prefix for the secret's keys. Added "as is" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +/// OpenSearchSpec defines the desired state of OpenSearch +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub enum OpenSearchMaintenanceWindowDow { + #[serde(rename = "monday")] + Monday, + #[serde(rename = "tuesday")] + Tuesday, + #[serde(rename = "wednesday")] + Wednesday, + #[serde(rename = "thursday")] + Thursday, + #[serde(rename = "friday")] + Friday, + #[serde(rename = "saturday")] + Saturday, + #[serde(rename = "sunday")] + Sunday, +} + +/// ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub struct OpenSearchProjectVpcRef { + pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// Service integrations to specify when creating a service. Not applied after initial service creation +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub struct OpenSearchServiceIntegrations { + #[serde(rename = "integrationType")] + pub integration_type: OpenSearchServiceIntegrationsIntegrationType, + #[serde(rename = "sourceServiceName")] + pub source_service_name: String, +} + +/// Service integrations to specify when creating a service. 
Not applied after initial service creation +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub enum OpenSearchServiceIntegrationsIntegrationType { + #[serde(rename = "read_replica")] + ReadReplica, +} + +/// OpenSearch specific user configuration options +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub struct OpenSearchUserConfig { + /// Additional Cloud Regions for Backup Replication + #[serde(default, skip_serializing_if = "Option::is_none")] + pub additional_backup_regions: Option>, + /// Serve the web frontend using a custom CNAME pointing to the Aiven DNS name + #[serde(default, skip_serializing_if = "Option::is_none")] + pub custom_domain: Option, + /// DEPRECATED: Disable automatic replication factor adjustment for multi-node services. By default, Aiven ensures all indexes are replicated at least to two nodes. Note: Due to potential data loss in case of losing a service node, this setting can no longer be activated. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub disable_replication_factor_adjustment: Option, + /// Index patterns + #[serde(default, skip_serializing_if = "Option::is_none")] + pub index_patterns: Option>, + /// Template settings for all new indexes + #[serde(default, skip_serializing_if = "Option::is_none")] + pub index_template: Option, + /// Allow incoming connections from CIDR address block, e.g. '10.20.0.0/16' + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ip_filter: Option>, + /// Aiven automation resets index.refresh_interval to default value for every index to be sure that indices are always visible to search. If it doesn't fit your case, you can disable this by setting up this flag to true. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub keep_index_refresh_interval: Option, + /// DEPRECATED: use index_patterns instead + #[serde(default, skip_serializing_if = "Option::is_none")] + pub max_index_count: Option, + /// OpenSearch OpenID Connect Configuration + #[serde(default, skip_serializing_if = "Option::is_none")] + pub openid: Option, + /// OpenSearch settings + #[serde(default, skip_serializing_if = "Option::is_none")] + pub opensearch: Option, + /// OpenSearch Dashboards settings + #[serde(default, skip_serializing_if = "Option::is_none")] + pub opensearch_dashboards: Option, + /// OpenSearch major version + #[serde(default, skip_serializing_if = "Option::is_none")] + pub opensearch_version: Option, + /// Allow access to selected service ports from private networks + #[serde(default, skip_serializing_if = "Option::is_none")] + pub private_access: Option, + /// Allow access to selected service components through Privatelink + #[serde(default, skip_serializing_if = "Option::is_none")] + pub privatelink_access: Option, + /// Name of another project to fork a service from. This has effect only when a new service is being created. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub project_to_fork_from: Option, + /// Allow access to selected service ports from the public Internet + #[serde(default, skip_serializing_if = "Option::is_none")] + pub public_access: Option, + /// Name of the basebackup to restore in forked service + #[serde(default, skip_serializing_if = "Option::is_none")] + pub recovery_basebackup_name: Option, + /// OpenSearch SAML configuration + #[serde(default, skip_serializing_if = "Option::is_none")] + pub saml: Option, + /// Name of another service to fork from. This has effect only when a new service is being created. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub service_to_fork_from: Option, + /// Use static public IP addresses + #[serde(default, skip_serializing_if = "Option::is_none")] + pub static_ips: Option, +} + +/// Allows you to create glob style patterns and set a max number of indexes matching this pattern you want to keep. Creating indexes exceeding this value will cause the oldest one to get deleted. You could for example create a pattern looking like 'logs.?' and then create index logs.1, logs.2 etc, it will delete logs.1 once you create logs.6. Do note 'logs.?' does not apply to logs.10. Note: Setting max_index_count to 0 will do nothing and the pattern gets ignored. +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub struct OpenSearchUserConfigIndexPatterns { + /// Maximum number of indexes to keep + pub max_index_count: i64, + /// fnmatch pattern + pub pattern: String, + /// Deletion sorting algorithm + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sorting_algorithm: Option, +} + +/// Allows you to create glob style patterns and set a max number of indexes matching this pattern you want to keep. Creating indexes exceeding this value will cause the oldest one to get deleted. You could for example create a pattern looking like 'logs.?' and then create index logs.1, logs.2 etc, it will delete logs.1 once you create logs.6. Do note 'logs.?' does not apply to logs.10. Note: Setting max_index_count to 0 will do nothing and the pattern gets ignored. 
+#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub enum OpenSearchUserConfigIndexPatternsSortingAlgorithm { + #[serde(rename = "alphabetical")] + Alphabetical, + #[serde(rename = "creation_date")] + CreationDate, +} + +/// Template settings for all new indexes +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub struct OpenSearchUserConfigIndexTemplate { + /// The maximum number of nested JSON objects that a single document can contain across all nested types. This limit helps to prevent out of memory errors when a document contains too many nested objects. Default is 10000. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub mapping_nested_objects_limit: Option, + /// The number of replicas each primary shard has. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub number_of_replicas: Option, + /// The number of primary shards that an index should have. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub number_of_shards: Option, +} + +/// CIDR address block, either as a string, or in a dict with an optional description field +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub struct OpenSearchUserConfigIpFilter { + /// Description for IP filter list entry + #[serde(default, skip_serializing_if = "Option::is_none")] + pub description: Option, + /// CIDR address block + pub network: String, +} + +/// OpenSearch OpenID Connect Configuration +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub struct OpenSearchUserConfigOpenid { + /// The ID of the OpenID Connect client configured in your IdP. Required. + pub client_id: String, + /// The client secret of the OpenID Connect client configured in your IdP. Required. + pub client_secret: String, + /// The URL of your IdP where the Security plugin can find the OpenID Connect metadata/configuration settings. + pub connect_url: String, + /// Enables or disables OpenID Connect authentication for OpenSearch. 
When enabled, users can authenticate using OpenID Connect with an Identity Provider. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// HTTP header name of the JWT token. Optional. Default is Authorization. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub header: Option, + /// The HTTP header that stores the token. Typically the Authorization header with the Bearer schema: Authorization: Bearer . Optional. Default is Authorization. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub jwt_header: Option, + /// If the token is not transmitted in the HTTP header, but as an URL parameter, define the name of the parameter here. Optional. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub jwt_url_parameter: Option, + /// The maximum number of unknown key IDs in the time frame. Default is 10. Optional. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub refresh_rate_limit_count: Option, + /// The time frame to use when checking the maximum number of unknown key IDs, in milliseconds. Optional.Default is 10000 (10 seconds). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub refresh_rate_limit_time_window_ms: Option, + /// The key in the JSON payload that stores the user’s roles. The value of this key must be a comma-separated list of roles. Required only if you want to use roles in the JWT + #[serde(default, skip_serializing_if = "Option::is_none")] + pub roles_key: Option, + /// The scope of the identity token issued by the IdP. Optional. Default is openid profile email address phone. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scope: Option, + /// The key in the JSON payload that stores the user’s name. If not defined, the subject registered claim is used. Most IdP providers use the preferred_username claim. Optional. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub subject_key: Option, +} + +/// OpenSearch settings +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub struct OpenSearchUserConfigOpensearch { + /// Explicitly allow or block automatic creation of indices. Defaults to true + #[serde(default, skip_serializing_if = "Option::is_none")] + pub action_auto_create_index_enabled: Option, + /// Require explicit index names when deleting + #[serde(default, skip_serializing_if = "Option::is_none")] + pub action_destructive_requires_name: Option, + /// Opensearch Security Plugin Settings + #[serde(default, skip_serializing_if = "Option::is_none")] + pub auth_failure_listeners: Option, + /// Controls the number of shards allowed in the cluster per data node + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster_max_shards_per_node: Option, + /// How many concurrent incoming/outgoing shard recoveries (normally replicas) are allowed to happen on a node. Defaults to 2. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cluster_routing_allocation_node_concurrent_recoveries: Option, + /// Sender name placeholder to be used in Opensearch Dashboards and Opensearch keystore + #[serde(default, skip_serializing_if = "Option::is_none")] + pub email_sender_name: Option, + /// Sender password for Opensearch alerts to authenticate with SMTP server + #[serde(default, skip_serializing_if = "Option::is_none")] + pub email_sender_password: Option, + /// Sender username for Opensearch alerts + #[serde(default, skip_serializing_if = "Option::is_none")] + pub email_sender_username: Option, + /// Maximum content length for HTTP requests to the OpenSearch HTTP API, in bytes. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub http_max_content_length: Option, + /// The max size of allowed headers, in bytes + #[serde(default, skip_serializing_if = "Option::is_none")] + pub http_max_header_size: Option, + /// The max length of an HTTP URL, in bytes + #[serde(default, skip_serializing_if = "Option::is_none")] + pub http_max_initial_line_length: Option, + /// Relative amount. Maximum amount of heap memory used for field data cache. This is an expert setting; decreasing the value too much will increase overhead of loading field data; too much memory used for field data cache will decrease amount of heap available for other operations. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub indices_fielddata_cache_size: Option, + /// Percentage value. Default is 10%. Total amount of heap used for indexing buffer, before writing segments to disk. This is an expert setting. Too low value will slow down indexing; too high value will increase indexing performance but causes performance issues for query performance. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub indices_memory_index_buffer_size: Option, + /// Percentage value. Default is 10%. Maximum amount of heap used for query cache. This is an expert setting. Too low value will decrease query performance and increase performance for other operations; too high value will cause issues with other OpenSearch functionality. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub indices_queries_cache_size: Option, + /// Maximum number of clauses Lucene BooleanQuery can have. The default value (1024) is relatively high, and increasing it may cause performance issues. Investigate other approaches first before increasing this value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub indices_query_bool_max_clause_count: Option, + /// Limits total inbound and outbound recovery traffic for each node. 
Applies to both peer recoveries as well as snapshot recoveries (i.e., restores from a snapshot). Defaults to 40mb + #[serde(default, skip_serializing_if = "Option::is_none")] + pub indices_recovery_max_bytes_per_sec: Option, + /// Number of file chunks sent in parallel for each recovery. Defaults to 2. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub indices_recovery_max_concurrent_file_chunks: Option, + /// Specifies whether ISM is enabled or not + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ism_enabled: Option, + /// Specifies whether audit history is enabled or not. The logs from ISM are automatically indexed to a logs document. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ism_history_enabled: Option, + /// The maximum age before rolling over the audit history index in hours + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ism_history_max_age: Option, + /// The maximum number of documents before rolling over the audit history index. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ism_history_max_docs: Option, + /// The time between rollover checks for the audit history index in hours. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ism_history_rollover_check_period: Option, + /// How long audit history indices are kept in days. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ism_history_rollover_retention_period: Option, + /// Compatibility mode sets OpenSearch to report its version as 7.10 so clients continue to work. Default is false + #[serde(default, skip_serializing_if = "Option::is_none")] + pub override_main_response_version: Option, + /// Whitelisted addresses for reindexing. Changing this value will cause all OpenSearch instances to restart. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub reindex_remote_whitelist: Option>, + /// Script compilation circuit breaker limits the number of inline script compilations within a period of time. Default is use-context + #[serde(default, skip_serializing_if = "Option::is_none")] + pub script_max_compilations_rate: Option, + /// Maximum number of aggregation buckets allowed in a single response. OpenSearch default value is used when this is not defined. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub search_max_buckets: Option, + /// Size for the thread pool queue. See documentation for exact details. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub thread_pool_analyze_queue_size: Option, + /// Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub thread_pool_analyze_size: Option, + /// Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub thread_pool_force_merge_size: Option, + /// Size for the thread pool queue. See documentation for exact details. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub thread_pool_get_queue_size: Option, + /// Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub thread_pool_get_size: Option, + /// Size for the thread pool queue. See documentation for exact details. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub thread_pool_search_queue_size: Option, + /// Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub thread_pool_search_size: Option, + /// Size for the thread pool queue. See documentation for exact details. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub thread_pool_search_throttled_queue_size: Option, + /// Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub thread_pool_search_throttled_size: Option, + /// Size for the thread pool queue. See documentation for exact details. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub thread_pool_write_queue_size: Option, + /// Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub thread_pool_write_size: Option, +} + +/// Opensearch Security Plugin Settings +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub struct OpenSearchUserConfigOpensearchAuthFailureListeners { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub internal_authentication_backend_limiting: Option, + /// IP address rate limiting settings + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ip_rate_limiting: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub struct OpenSearchUserConfigOpensearchAuthFailureListenersInternalAuthenticationBackendLimiting { + /// The number of login attempts allowed before login is blocked + #[serde(default, skip_serializing_if = "Option::is_none")] + pub allowed_tries: Option, + /// internal_authentication_backend_limiting.authentication_backend + #[serde(default, skip_serializing_if = "Option::is_none")] + pub authentication_backend: Option, + /// The duration of time that login remains blocked after a failed login + #[serde(default, skip_serializing_if = "Option::is_none")] + pub block_expiry_seconds: Option, + /// internal_authentication_backend_limiting.max_blocked_clients + #[serde(default, skip_serializing_if = "Option::is_none")] + pub max_blocked_clients: Option, + /// The maximum number of tracked IP addresses that have failed login + #[serde(default, skip_serializing_if = "Option::is_none")] + pub max_tracked_clients: Option, + /// The window of time in which the value for `allowed_tries` is enforced + #[serde(default, skip_serializing_if = "Option::is_none")] + pub time_window_seconds: Option, + /// internal_authentication_backend_limiting.type + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +/// IP address rate limiting settings +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub struct 
OpenSearchUserConfigOpensearchAuthFailureListenersIpRateLimiting { + /// The number of login attempts allowed before login is blocked + #[serde(default, skip_serializing_if = "Option::is_none")] + pub allowed_tries: Option, + /// The duration of time that login remains blocked after a failed login + #[serde(default, skip_serializing_if = "Option::is_none")] + pub block_expiry_seconds: Option, + /// The maximum number of blocked IP addresses + #[serde(default, skip_serializing_if = "Option::is_none")] + pub max_blocked_clients: Option, + /// The maximum number of tracked IP addresses that have failed login + #[serde(default, skip_serializing_if = "Option::is_none")] + pub max_tracked_clients: Option, + /// The window of time in which the value for `allowed_tries` is enforced + #[serde(default, skip_serializing_if = "Option::is_none")] + pub time_window_seconds: Option, + /// The type of rate limiting + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, +} + +/// OpenSearch Dashboards settings +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub struct OpenSearchUserConfigOpensearchDashboards { + /// Enable or disable OpenSearch Dashboards + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Limits the maximum amount of memory (in MiB) the OpenSearch Dashboards process can use. This sets the max_old_space_size option of the nodejs running the OpenSearch Dashboards. Note: the memory reserved by OpenSearch Dashboards is not available for OpenSearch. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub max_old_space_size: Option, + /// Timeout in milliseconds for requests made by OpenSearch Dashboards towards OpenSearch + #[serde(default, skip_serializing_if = "Option::is_none")] + pub opensearch_request_timeout: Option, +} + +/// OpenSearch specific user configuration options +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub enum OpenSearchUserConfigOpensearchVersion { + #[serde(rename = "1")] + r#_1, + #[serde(rename = "2")] + r#_2, +} + +/// Allow access to selected service ports from private networks +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub struct OpenSearchUserConfigPrivateAccess { + /// Allow clients to connect to opensearch with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations + #[serde(default, skip_serializing_if = "Option::is_none")] + pub opensearch: Option, + /// Allow clients to connect to opensearch_dashboards with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations + #[serde(default, skip_serializing_if = "Option::is_none")] + pub opensearch_dashboards: Option, + /// Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. 
Only available in certain network locations + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prometheus: Option, +} + +/// Allow access to selected service components through Privatelink +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub struct OpenSearchUserConfigPrivatelinkAccess { + /// Enable opensearch + #[serde(default, skip_serializing_if = "Option::is_none")] + pub opensearch: Option, + /// Enable opensearch_dashboards + #[serde(default, skip_serializing_if = "Option::is_none")] + pub opensearch_dashboards: Option, + /// Enable prometheus + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prometheus: Option, +} + +/// Allow access to selected service ports from the public Internet +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub struct OpenSearchUserConfigPublicAccess { + /// Allow clients to connect to opensearch from the public internet for service nodes that are in a project VPC or another type of private network + #[serde(default, skip_serializing_if = "Option::is_none")] + pub opensearch: Option, + /// Allow clients to connect to opensearch_dashboards from the public internet for service nodes that are in a project VPC or another type of private network + #[serde(default, skip_serializing_if = "Option::is_none")] + pub opensearch_dashboards: Option, + /// Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prometheus: Option, +} + +/// OpenSearch SAML configuration +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub struct OpenSearchUserConfigSaml { + /// Enables or disables SAML-based authentication for OpenSearch. When enabled, users can authenticate using SAML with an Identity Provider. + pub enabled: bool, + /// The unique identifier for the Identity Provider (IdP) entity that is used for SAML authentication. 
This value is typically provided by the IdP. + pub idp_entity_id: String, + /// The URL of the SAML metadata for the Identity Provider (IdP). This is used to configure SAML-based authentication with the IdP. + pub idp_metadata_url: String, + /// This parameter specifies the PEM-encoded root certificate authority (CA) content for the SAML identity provider (IdP) server verification. The root CA content is used to verify the SSL/TLS certificate presented by the server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub idp_pemtrustedcas_content: Option, + /// Optional. Specifies the attribute in the SAML response where role information is stored, if available. Role attributes are not required for SAML authentication, but can be included in SAML assertions by most Identity Providers (IdPs) to determine user access levels or permissions. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub roles_key: Option, + /// The unique identifier for the Service Provider (SP) entity that is used for SAML authentication. This value is typically provided by the SP. + pub sp_entity_id: String, + /// Optional. Specifies the attribute in the SAML response where the subject identifier is stored. If not configured, the NameID attribute is used by default. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subject_key: Option, +} + +/// ServiceStatus defines the observed state of service +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub struct OpenSearchStatus { + /// Conditions represent the latest available observations of a service state + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option>, + /// Service state + #[serde(default, skip_serializing_if = "Option::is_none")] + pub state: Option, +} + +/// Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. 
For example, +/// type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +/// // other fields } +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub struct OpenSearchStatusConditions { + /// lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + #[serde(rename = "lastTransitionTime")] + pub last_transition_time: String, + /// message is a human readable message indicating details about the transition. This may be an empty string. + pub message: String, + /// observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "observedGeneration")] + pub observed_generation: Option, + /// reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + pub reason: String, + /// status of the condition, one of True, False, Unknown. + pub status: OpenSearchStatusConditionsStatus, + /// type of condition in CamelCase or in foo.example.com/CamelCase. 
--- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + #[serde(rename = "type")] + pub r#type: String, +} + +/// Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, +/// type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +/// // other fields } +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] +pub enum OpenSearchStatusConditionsStatus { + True, + False, + Unknown, +} + diff --git a/src/aiven_types/aiven_redis.rs b/src/aiven_types/aiven_redis.rs index 0475d0f..5b37066 100644 --- a/src/aiven_types/aiven_redis.rs +++ b/src/aiven_types/aiven_redis.rs 
@@ -4,393 +4,349 @@ use kube::CustomResource; use schemars::JsonSchema; -use serde::{Deserialize, Serialize}; +use serde::{Serialize, Deserialize}; use std::collections::BTreeMap; /// RedisSpec defines the desired state of Redis #[derive(CustomResource, Serialize, Deserialize, Clone, Debug, JsonSchema)] -#[kube( - group = "aiven.io", - version = "v1alpha1", - kind = "Redis", - plural = "redis" -)] +#[kube(group = "aiven.io", version = "v1alpha1", kind = "Redis", plural = "redis")] #[kube(namespaced)] #[kube(status = "RedisStatus")] pub struct RedisSpec { - /// Authentication reference to Aiven token in a secret - #[serde( - default, - skip_serializing_if = "Option::is_none", - rename = "authSecretRef" - )] - pub auth_secret_ref: Option, - /// Cloud the service runs in. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "cloudName")] - pub cloud_name: Option, - /// Information regarding secret creation. Exposed keys: `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD` - #[serde( - default, - skip_serializing_if = "Option::is_none", - rename = "connInfoSecretTarget" - )] - pub conn_info_secret_target: Option, - /// The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub disk_space: Option, - /// Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc. - #[serde( - default, - skip_serializing_if = "Option::is_none", - rename = "maintenanceWindowDow" - )] - pub maintenance_window_dow: Option, - /// Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format. - #[serde( - default, - skip_serializing_if = "Option::is_none", - rename = "maintenanceWindowTime" - )] - pub maintenance_window_time: Option, - /// Subscription plan. - pub plan: String, - /// Target project. 
- pub project: String, - /// ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically - #[serde( - default, - skip_serializing_if = "Option::is_none", - rename = "projectVPCRef" - )] - pub project_vpc_ref: Option, - /// Identifier of the VPC the service should be in, if any. - #[serde( - default, - skip_serializing_if = "Option::is_none", - rename = "projectVpcId" - )] - pub project_vpc_id: Option, - /// Service integrations to specify when creating a service. Not applied after initial service creation - #[serde( - default, - skip_serializing_if = "Option::is_none", - rename = "serviceIntegrations" - )] - pub service_integrations: Option>, - /// Tags are key-value pairs that allow you to categorize services. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tags: Option>, - /// Prevent service from being deleted. It is recommended to have this enabled for all services. - #[serde( - default, - skip_serializing_if = "Option::is_none", - rename = "terminationProtection" - )] - pub termination_protection: Option, - /// Redis specific user configuration options - #[serde( - default, - skip_serializing_if = "Option::is_none", - rename = "userConfig" - )] - pub user_config: Option, + /// Authentication reference to Aiven token in a secret + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authSecretRef")] + pub auth_secret_ref: Option, + /// Cloud the service runs in. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cloudName")] + pub cloud_name: Option, + /// Information regarding secret creation. Exposed keys: `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD` + #[serde(default, skip_serializing_if = "Option::is_none", rename = "connInfoSecretTarget")] + pub conn_info_secret_target: Option, + /// The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub disk_space: Option, + /// Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "maintenanceWindowDow")] + pub maintenance_window_dow: Option, + /// Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "maintenanceWindowTime")] + pub maintenance_window_time: Option, + /// Subscription plan. + pub plan: String, + /// Target project. + pub project: String, + /// ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically + #[serde(default, skip_serializing_if = "Option::is_none", rename = "projectVPCRef")] + pub project_vpc_ref: Option, + /// Identifier of the VPC the service should be in, if any. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "projectVpcId")] + pub project_vpc_id: Option, + /// Service integrations to specify when creating a service. Not applied after initial service creation + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceIntegrations")] + pub service_integrations: Option>, + /// Tags are key-value pairs that allow you to categorize services. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tags: Option>, + /// Prevent service from being deleted. It is recommended to have this enabled for all services. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationProtection")] + pub termination_protection: Option, + /// Redis specific user configuration options + #[serde(default, skip_serializing_if = "Option::is_none", rename = "userConfig")] + pub user_config: Option, } /// Authentication reference to Aiven token in a secret #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] pub struct RedisAuthSecretRef { - pub key: String, - pub name: String, + pub key: String, + pub name: String, } /// Information regarding secret creation. Exposed keys: `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD` #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] pub struct RedisConnInfoSecretTarget { - /// Annotations added to the secret - #[serde(default, skip_serializing_if = "Option::is_none")] - pub annotations: Option>, - /// Labels added to the secret - #[serde(default, skip_serializing_if = "Option::is_none")] - pub labels: Option>, - /// Name of the secret resource to be created. By default, is equal to the resource name - pub name: String, - /// Prefix for the secret's keys. Added "as is" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub prefix: Option, + /// Annotations added to the secret + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// Labels added to the secret + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, + /// Name of the secret resource to be created. By default, is equal to the resource name + pub name: String, + /// Prefix for the secret's keys. Added "as is" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. `KAFKA_`, `REDIS_`, etc. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, } /// RedisSpec defines the desired state of Redis #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] pub enum RedisMaintenanceWindowDow { - #[serde(rename = "monday")] - Monday, - #[serde(rename = "tuesday")] - Tuesday, - #[serde(rename = "wednesday")] - Wednesday, - #[serde(rename = "thursday")] - Thursday, - #[serde(rename = "friday")] - Friday, - #[serde(rename = "saturday")] - Saturday, - #[serde(rename = "sunday")] - Sunday, + #[serde(rename = "monday")] + Monday, + #[serde(rename = "tuesday")] + Tuesday, + #[serde(rename = "wednesday")] + Wednesday, + #[serde(rename = "thursday")] + Thursday, + #[serde(rename = "friday")] + Friday, + #[serde(rename = "saturday")] + Saturday, + #[serde(rename = "sunday")] + Sunday, } /// ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] pub struct RedisProjectVpcRef { - pub name: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub namespace: Option, + pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, } /// Service integrations to specify when creating a service. Not applied after initial service creation #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] pub struct RedisServiceIntegrations { - #[serde(rename = "integrationType")] - pub integration_type: RedisServiceIntegrationsIntegrationType, - #[serde(rename = "sourceServiceName")] - pub source_service_name: String, + #[serde(rename = "integrationType")] + pub integration_type: RedisServiceIntegrationsIntegrationType, + #[serde(rename = "sourceServiceName")] + pub source_service_name: String, } /// Service integrations to specify when creating a service. 
Not applied after initial service creation #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] pub enum RedisServiceIntegrationsIntegrationType { - #[serde(rename = "read_replica")] - ReadReplica, + #[serde(rename = "read_replica")] + ReadReplica, } /// Redis specific user configuration options #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] pub struct RedisUserConfig { - /// Additional Cloud Regions for Backup Replication - #[serde(default, skip_serializing_if = "Option::is_none")] - pub additional_backup_regions: Option>, - /// Allow incoming connections from CIDR address block, e.g. '10.20.0.0/16' - #[serde(default, skip_serializing_if = "Option::is_none")] - pub ip_filter: Option>, - /// Migrate data from existing server - #[serde(default, skip_serializing_if = "Option::is_none")] - pub migration: Option, - /// Allow access to selected service ports from private networks - #[serde(default, skip_serializing_if = "Option::is_none")] - pub private_access: Option, - /// Allow access to selected service components through Privatelink - #[serde(default, skip_serializing_if = "Option::is_none")] - pub privatelink_access: Option, - /// Name of another project to fork a service from. This has effect only when a new service is being created. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub project_to_fork_from: Option, - /// Allow access to selected service ports from the public Internet - #[serde(default, skip_serializing_if = "Option::is_none")] - pub public_access: Option, - /// Name of the basebackup to restore in forked service - #[serde(default, skip_serializing_if = "Option::is_none")] - pub recovery_basebackup_name: Option, - /// Determines default pub/sub channels' ACL for new users if ACL is not supplied. When this option is not defined, all_channels is assumed to keep backward compatibility. This option doesn't affect Redis configuration acl-pubsub-default. 
- #[serde(default, skip_serializing_if = "Option::is_none")] - pub redis_acl_channels_default: Option, - /// Redis IO thread count - #[serde(default, skip_serializing_if = "Option::is_none")] - pub redis_io_threads: Option, - /// LFU maxmemory-policy counter decay time in minutes - #[serde(default, skip_serializing_if = "Option::is_none")] - pub redis_lfu_decay_time: Option, - /// Counter logarithm factor for volatile-lfu and allkeys-lfu maxmemory-policies - #[serde(default, skip_serializing_if = "Option::is_none")] - pub redis_lfu_log_factor: Option, - /// Redis maxmemory-policy - #[serde(default, skip_serializing_if = "Option::is_none")] - pub redis_maxmemory_policy: Option, - /// Set notify-keyspace-events option - #[serde(default, skip_serializing_if = "Option::is_none")] - pub redis_notify_keyspace_events: Option, - /// Set number of redis databases. Changing this will cause a restart of redis service. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub redis_number_of_databases: Option, - /// When persistence is 'rdb', Redis does RDB dumps each 10 minutes if any key is changed. Also RDB dumps are done according to backup schedule for backup purposes. When persistence is 'off', no RDB dumps and backups are done, so data can be lost at any moment if service is restarted for any reason, or if service is powered off. Also service can't be forked. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub redis_persistence: Option, - /// Set output buffer limit for pub / sub clients in MB. The value is the hard limit, the soft limit is 1/4 of the hard limit. When setting the limit, be mindful of the available memory in the selected service plan. 
- #[serde(default, skip_serializing_if = "Option::is_none")] - pub redis_pubsub_client_output_buffer_limit: Option, - /// Require SSL to access Redis - #[serde(default, skip_serializing_if = "Option::is_none")] - pub redis_ssl: Option, - /// Redis idle connection timeout in seconds - #[serde(default, skip_serializing_if = "Option::is_none")] - pub redis_timeout: Option, - /// Name of another service to fork from. This has effect only when a new service is being created. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub service_to_fork_from: Option, - /// Use static public IP addresses - #[serde(default, skip_serializing_if = "Option::is_none")] - pub static_ips: Option, + /// Additional Cloud Regions for Backup Replication + #[serde(default, skip_serializing_if = "Option::is_none")] + pub additional_backup_regions: Option>, + /// Allow incoming connections from CIDR address block, e.g. '10.20.0.0/16' + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ip_filter: Option>, + /// Migrate data from existing server + #[serde(default, skip_serializing_if = "Option::is_none")] + pub migration: Option, + /// Allow access to selected service ports from private networks + #[serde(default, skip_serializing_if = "Option::is_none")] + pub private_access: Option, + /// Allow access to selected service components through Privatelink + #[serde(default, skip_serializing_if = "Option::is_none")] + pub privatelink_access: Option, + /// Name of another project to fork a service from. This has effect only when a new service is being created. 
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub project_to_fork_from: Option, + /// Allow access to selected service ports from the public Internet + #[serde(default, skip_serializing_if = "Option::is_none")] + pub public_access: Option, + /// Name of the basebackup to restore in forked service + #[serde(default, skip_serializing_if = "Option::is_none")] + pub recovery_basebackup_name: Option, + /// Determines default pub/sub channels' ACL for new users if ACL is not supplied. When this option is not defined, all_channels is assumed to keep backward compatibility. This option doesn't affect Redis configuration acl-pubsub-default. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub redis_acl_channels_default: Option, + /// Set Redis IO thread count. Changing this will cause a restart of the Redis service. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub redis_io_threads: Option, + /// LFU maxmemory-policy counter decay time in minutes + #[serde(default, skip_serializing_if = "Option::is_none")] + pub redis_lfu_decay_time: Option, + /// Counter logarithm factor for volatile-lfu and allkeys-lfu maxmemory-policies + #[serde(default, skip_serializing_if = "Option::is_none")] + pub redis_lfu_log_factor: Option, + /// Redis maxmemory-policy + #[serde(default, skip_serializing_if = "Option::is_none")] + pub redis_maxmemory_policy: Option, + /// Set notify-keyspace-events option + #[serde(default, skip_serializing_if = "Option::is_none")] + pub redis_notify_keyspace_events: Option, + /// Set number of Redis databases. Changing this will cause a restart of the Redis service. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub redis_number_of_databases: Option, + /// When persistence is 'rdb', Redis does RDB dumps each 10 minutes if any key is changed. Also RDB dumps are done according to backup schedule for backup purposes. 
When persistence is 'off', no RDB dumps and backups are done, so data can be lost at any moment if service is restarted for any reason, or if service is powered off. Also service can't be forked. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub redis_persistence: Option, + /// Set output buffer limit for pub / sub clients in MB. The value is the hard limit, the soft limit is 1/4 of the hard limit. When setting the limit, be mindful of the available memory in the selected service plan. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub redis_pubsub_client_output_buffer_limit: Option, + /// Require SSL to access Redis + #[serde(default, skip_serializing_if = "Option::is_none")] + pub redis_ssl: Option, + /// Redis idle connection timeout in seconds + #[serde(default, skip_serializing_if = "Option::is_none")] + pub redis_timeout: Option, + /// Name of another service to fork from. This has effect only when a new service is being created. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub service_to_fork_from: Option, + /// Use static public IP addresses + #[serde(default, skip_serializing_if = "Option::is_none")] + pub static_ips: Option, } /// CIDR address block, either as a string, or in a dict with an optional description field #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] pub struct RedisUserConfigIpFilter { - /// Description for IP filter list entry - #[serde(default, skip_serializing_if = "Option::is_none")] - pub description: Option, - /// CIDR address block - pub network: String, + /// Description for IP filter list entry + #[serde(default, skip_serializing_if = "Option::is_none")] + pub description: Option, + /// CIDR address block + pub network: String, } /// Migrate data from existing server #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] pub struct RedisUserConfigMigration { - /// Database name for bootstrapping the initial connection - #[serde(default, skip_serializing_if = 
"Option::is_none")] - pub dbname: Option, - /// Hostname or IP address of the server where to migrate data from - pub host: String, - /// Comma-separated list of databases, which should be ignored during migration (supported by MySQL and PostgreSQL only at the moment) - #[serde(default, skip_serializing_if = "Option::is_none")] - pub ignore_dbs: Option, - /// The migration method to be used (currently supported only by Redis, MySQL and PostgreSQL service types) - #[serde(default, skip_serializing_if = "Option::is_none")] - pub method: Option, - /// Password for authentication with the server where to migrate data from - #[serde(default, skip_serializing_if = "Option::is_none")] - pub password: Option, - /// Port number of the server where to migrate data from - pub port: i64, - /// The server where to migrate data from is secured with SSL - #[serde(default, skip_serializing_if = "Option::is_none")] - pub ssl: Option, - /// User name for authentication with the server where to migrate data from - #[serde(default, skip_serializing_if = "Option::is_none")] - pub username: Option, + /// Database name for bootstrapping the initial connection + #[serde(default, skip_serializing_if = "Option::is_none")] + pub dbname: Option, + /// Hostname or IP address of the server where to migrate data from + pub host: String, + /// Comma-separated list of databases, which should be ignored during migration (supported by MySQL and PostgreSQL only at the moment) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ignore_dbs: Option, + /// The migration method to be used (currently supported only by Redis, MySQL and PostgreSQL service types) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Password for authentication with the server where to migrate data from + #[serde(default, skip_serializing_if = "Option::is_none")] + pub password: Option, + /// Port number of the server where to migrate data from + pub port: i64, + /// The server 
where to migrate data from is secured with SSL + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ssl: Option, + /// User name for authentication with the server where to migrate data from + #[serde(default, skip_serializing_if = "Option::is_none")] + pub username: Option, } /// Migrate data from existing server #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] pub enum RedisUserConfigMigrationMethod { - #[serde(rename = "dump")] - Dump, - #[serde(rename = "replication")] - Replication, + #[serde(rename = "dump")] + Dump, + #[serde(rename = "replication")] + Replication, } /// Allow access to selected service ports from private networks #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] pub struct RedisUserConfigPrivateAccess { - /// Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations - #[serde(default, skip_serializing_if = "Option::is_none")] - pub prometheus: Option, - /// Allow clients to connect to redis with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations - #[serde(default, skip_serializing_if = "Option::is_none")] - pub redis: Option, + /// Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prometheus: Option, + /// Allow clients to connect to redis with a DNS name that always resolves to the service's private IP addresses. 
Only available in certain network locations + #[serde(default, skip_serializing_if = "Option::is_none")] + pub redis: Option, } /// Allow access to selected service components through Privatelink #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] pub struct RedisUserConfigPrivatelinkAccess { - /// Enable prometheus - #[serde(default, skip_serializing_if = "Option::is_none")] - pub prometheus: Option, - /// Enable redis - #[serde(default, skip_serializing_if = "Option::is_none")] - pub redis: Option, + /// Enable prometheus + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prometheus: Option, + /// Enable redis + #[serde(default, skip_serializing_if = "Option::is_none")] + pub redis: Option, } /// Allow access to selected service ports from the public Internet #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] pub struct RedisUserConfigPublicAccess { - /// Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network - #[serde(default, skip_serializing_if = "Option::is_none")] - pub prometheus: Option, - /// Allow clients to connect to redis from the public internet for service nodes that are in a project VPC or another type of private network - #[serde(default, skip_serializing_if = "Option::is_none")] - pub redis: Option, + /// Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prometheus: Option, + /// Allow clients to connect to redis from the public internet for service nodes that are in a project VPC or another type of private network + #[serde(default, skip_serializing_if = "Option::is_none")] + pub redis: Option, } /// Redis specific user configuration options #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] pub enum RedisUserConfigRedisAclChannelsDefault { - #[serde(rename = 
"allchannels")] - Allchannels, - #[serde(rename = "resetchannels")] - Resetchannels, + #[serde(rename = "allchannels")] + Allchannels, + #[serde(rename = "resetchannels")] + Resetchannels, } /// Redis specific user configuration options #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] pub enum RedisUserConfigRedisMaxmemoryPolicy { - #[serde(rename = "noeviction")] - Noeviction, - #[serde(rename = "allkeys-lru")] - AllkeysLru, - #[serde(rename = "volatile-lru")] - VolatileLru, - #[serde(rename = "allkeys-random")] - AllkeysRandom, - #[serde(rename = "volatile-random")] - VolatileRandom, - #[serde(rename = "volatile-ttl")] - VolatileTtl, - #[serde(rename = "volatile-lfu")] - VolatileLfu, - #[serde(rename = "allkeys-lfu")] - AllkeysLfu, + #[serde(rename = "noeviction")] + Noeviction, + #[serde(rename = "allkeys-lru")] + AllkeysLru, + #[serde(rename = "volatile-lru")] + VolatileLru, + #[serde(rename = "allkeys-random")] + AllkeysRandom, + #[serde(rename = "volatile-random")] + VolatileRandom, + #[serde(rename = "volatile-ttl")] + VolatileTtl, + #[serde(rename = "volatile-lfu")] + VolatileLfu, + #[serde(rename = "allkeys-lfu")] + AllkeysLfu, } /// Redis specific user configuration options #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] pub enum RedisUserConfigRedisPersistence { - #[serde(rename = "off")] - Off, - #[serde(rename = "rdb")] - Rdb, + #[serde(rename = "off")] + Off, + #[serde(rename = "rdb")] + Rdb, } /// ServiceStatus defines the observed state of service #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] pub struct RedisStatus { - /// Conditions represent the latest available observations of a service state - #[serde(default, skip_serializing_if = "Option::is_none")] - pub conditions: Option>, - /// Service state - #[serde(default, skip_serializing_if = "Option::is_none")] - pub state: Option, + /// Conditions represent the latest available observations of a service state + #[serde(default, skip_serializing_if = 
"Option::is_none")] + pub conditions: Option>, + /// Service state + #[serde(default, skip_serializing_if = "Option::is_none")] + pub state: Option, } -/// Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, -/// type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +/// Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, +/// type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` /// // other fields } #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] pub struct RedisStatusConditions { - /// lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - #[serde(rename = "lastTransitionTime")] - pub last_transition_time: String, - /// message is a human readable message indicating details about the transition. This may be an empty string. - pub message: String, - /// observedGeneration represents the .metadata.generation that the condition was set based upon. 
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - #[serde( - default, - skip_serializing_if = "Option::is_none", - rename = "observedGeneration" - )] - pub observed_generation: Option, - /// reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. - pub reason: String, - /// status of the condition, one of True, False, Unknown. - pub status: RedisStatusConditionsStatus, - /// type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - #[serde(rename = "type")] - pub r#type: String, + /// lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + #[serde(rename = "lastTransitionTime")] + pub last_transition_time: String, + /// message is a human readable message indicating details about the transition. This may be an empty string. + pub message: String, + /// observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. 
+ #[serde(default, skip_serializing_if = "Option::is_none", rename = "observedGeneration")] + pub observed_generation: Option, + /// reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + pub reason: String, + /// status of the condition, one of True, False, Unknown. + pub status: RedisStatusConditionsStatus, + /// type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + #[serde(rename = "type")] + pub r#type: String, } -/// Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, -/// type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +/// Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, +/// type FooStatus struct{ // Represents the observations of a foo's current state. 
// Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` /// // other fields } #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema)] pub enum RedisStatusConditionsStatus { - True, - False, - Unknown, + True, + False, + Unknown, } + diff --git a/src/aiven_types/mod.rs b/src/aiven_types/mod.rs index a06ce4b..6ebbf29 100644 --- a/src/aiven_types/mod.rs +++ b/src/aiven_types/mod.rs @@ -1,9 +1,11 @@ use std::collections::BTreeMap; +use crate::aiven_types::aiven_opensearches::OpenSearch; use kube::Resource; use crate::aiven_types::aiven_redis::Redis; +pub mod aiven_opensearches; pub mod aiven_redis; pub trait AivenObject { @@ -53,3 +55,25 @@ impl AivenObject for Redis { self.spec.project_vpc_id.clone() } } + +impl AivenObject for OpenSearch { + fn get_cloud_name(&self) -> Option { + self.spec.cloud_name.clone() + } + + fn get_team_name(&self) -> Option { + self.meta().namespace.clone() + } + + fn get_tags(&self) -> Option> { + self.spec.tags.clone() + } + + fn get_termination_protection(&self) -> Option { + self.spec.termination_protection.clone() + } + + fn get_project_vpc_id(&self) -> Option { + self.spec.project_vpc_id.clone() + } +} diff --git a/src/web.rs b/src/web.rs index 60c000a..4fdac7b 100644 --- a/src/web.rs +++ b/src/web.rs @@ -12,6 +12,7 @@ use kube::core::DynamicObject; use kube::ResourceExt; use tracing::{debug, error, info, info_span, instrument, warn}; +use crate::aiven_types::aiven_opensearches::OpenSearch; use crate::aiven_types::aiven_redis::Redis; use crate::aiven_types::AivenObject; use crate::mutators; 
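Review bot: In src/aiven_types/mod.rs, `get_team_name` of the new `impl AivenObject for OpenSearch` returns `self.meta().namespace.clone()`, so the team is taken from the object's namespace, and nothing in the hunk records that. I would add a comment above the method, e.g. `// Team name is the object's namespace; None when metadata.namespace is unset.`, because anything keyed on the team name then depends on who may create objects in that namespace. If `termination_protection` is an `Option<bool>` (the generic parameter is not readable on this page), the `.clone()` in `get_termination_protection` can be dropped, since that type is `Copy`.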
@@ -103,6 +104,16 @@ async fn mutate_handler( }; Box::new(redis) }, + "OpenSearch" => { + let open_search: OpenSearch = match obj.clone().try_parse() { + Ok(open_search) => open_search, + Err(err) => { + error!("Unable to parse OpenSearch object: {}", err.to_string()); + return bad_request("unable to parse OpenSearch object"); + }, + }; + Box::new(open_search) + }, _ => { return bad_request("unsupported resource type"); },
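Review bot: In the new `"OpenSearch"` arm, `error!("Unable to parse OpenSearch object: {}", err.to_string())` calls `to_string()` on a value that `{}` already formats through `Display`, and it folds the error into the message text. A structured field keeps the message constant for log queries: `error!(error = %err, "Unable to parse OpenSearch object");`. Deserialization error text can quote values from the submitted object, so the log pipeline should treat that field as untrusted input; the response body rightly stays generic. The same change would apply to the Redis arm if it has the same shape, which this hunk does not show; mutate_handler's body starts and ends outside the hunk.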